empyrean | b4c6236161efbce2b9094d7ef7e43346435c146f3dc217b32fafcee52b73ccce | Triage

Submit
Reports

Overview

overview

Static

static

Mercurial ...03.exe

windows10-ltsc_2021-x64

7

Sharing

General

Target

Mercurial Grabber v1.03.exe
Size

20.8MB
Sample

250328-lm539swns3
MD5

c2357cdbb781020c7d365f9cf01cdca9
SHA1

8e19ef6fd31be79171bab26a6fe9cb375ac8ccc4
SHA256

b4c6236161efbce2b9094d7ef7e43346435c146f3dc217b32fafcee52b73ccce
SHA512

e6922334cdfc3ff990622a210a3a4ae3ce311136bee6829bf71595b6c383d7ebd3bc6b97f976e670e899163c4ba8c77681d41b439165a0c5cf4de499af6ce584
SSDEEP

393216:XqPnLFXlrxQ9w2ODOETgsvcG/gcpHplYu+nySGLCELbvsD8s:aPLFXNxQ9w4ENlpLPnlv3vQ

Score

10^/10

empyrean discovery persistence pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

Mercurial Grabber v1.03.exe

Resource

win10ltsc2021-20250314-en

discovery persistence spyware stealer upx

windows10-ltsc_2021-x64

14 signatures

300 seconds

Malware Config

Targets

- Target
  
  Mercurial Grabber v1.03.exe
- Size
  
  20.8MB
- MD5
  
  c2357cdbb781020c7d365f9cf01cdca9
- SHA1
  
  8e19ef6fd31be79171bab26a6fe9cb375ac8ccc4
- SHA256
  
  b4c6236161efbce2b9094d7ef7e43346435c146f3dc217b32fafcee52b73ccce
- SHA512
  
  e6922334cdfc3ff990622a210a3a4ae3ce311136bee6829bf71595b6c383d7ebd3bc6b97f976e670e899163c4ba8c77681d41b439165a0c5cf4de499af6ce584
- SSDEEP
  
  393216:XqPnLFXlrxQ9w2ODOETgsvcG/gcpHplYu+nySGLCELbvsD8s:aPLFXNxQ9w4ENlpLPnlv3vQ
Score

7^/10

discovery persistence spyware stealer upx
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

discoverypersistencespywarestealerupx

© 2018-2025

Terms | Privacy